Ce contenu n'est pas disponible dans la langue sélectionnée.
5.9. Port Forwarding
Using
firewalld
, you can set up ports redirection so that any incoming traffic that reaches a certain port on your system is delivered to another internal port of your choice or to an external port on another machine.
5.9.1. Adding a Port to Redirect
Before you redirect traffic from one port to another port, or another address, you need to know three things: which port the packets arrive at, what protocol is used, and where you want to redirect them.
To redirect a port to another port:
~]# firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-number
To redirect a port to another port at a different IP address:
- Add the port to be forwarded:
~]#
firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP
- Enable masquerade:
~]#
firewall-cmd --add-masquerade
Example 5.1. Redirecting TCP Port 80 to Port 88 on the Same Machine
To redirect the port:
- Redirect the port 80 to port 88 for TCP traffic:
~]#
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=88
- Make the new settings persistent:
~]#
firewall-cmd --runtime-to-permanent
- Check that the port is redirected:
~]#
firewall-cmd --list-all
5.9.2. Removing a Redirected Port
To remove a redirected port:
~]# firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
To remove a forwarded port redirected to a different address:
- Remove the forwarded port:
~]#
firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
- Disable masquerade:
~]#
firewall-cmd --remove-masquerade
Note
Redirecting ports using this method only works for IPv4-based traffic. For IPv6 redirecting setup, you need to use rich rules. For more information, see Section 5.15, “Configuring Complex Firewall Rules with the "Rich Language" Syntax”.
To redirect to an external system, it is necessary to enable masquerading. For more information, see Section 5.10, “Configuring IP Address Masquerading”.
Example 5.2. Removing TCP Port 80 forwarded to Port 88 on the Same Machine
To remove the port redirection:
- List redirected ports:
~]#
firewall-cmd --list-forward-ports
port=80:proto=tcp:toport=88:toaddr= - Remove the redirected port from the firewall::
~]#
firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=88:toaddr=
- Make the new settings persistent:
~]#
firewall-cmd --runtime-to-permanent